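/// <summary>
/// Decrypts the <c>xenc:EncryptedData</c> element in the SOAP body of
/// <c>ResponseDocument</c> in place. The AES session key is unwrapped from the
/// <c>xenc:EncryptedKey</c> in the WS-Security header with the certificate's RSA private key.
/// Returns without changes when the body holds no encrypted data.
/// </summary>
/// <param name="decryptionSertificate">Certificate whose RSA private key unwraps the session key.</param>
/// <exception cref="ArgumentNullException">The certificate is null.</exception>
/// <exception cref="CryptographicException">
/// The certificate exposes no usable RSA private key, or the header carries no wrapped key.
/// </exception>
private void DecryptDocument(X509Certificate2 decryptionSertificate)
{
    if (decryptionSertificate == null)
    {
        throw new ArgumentNullException("decryptionSertificate");
    }

    var encryptedNode = ResponseDocument.SelectSingleNode(
        "/env:Envelope/env:Body/xenc:EncryptedData", Nsmgr) as XmlElement;
    if (encryptedNode == null)
    {
        // Body is not encrypted: nothing to do.
        return;
    }

    var encryptedXml = new EncryptedXml(ResponseDocument);
    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(encryptedNode);

    // The 'as' cast yields null for a public-only certificate or a key that is not an
    // RSACryptoServiceProvider; fail with a clear error instead of a NullReferenceException.
    var privateKey = decryptionSertificate.PrivateKey as RSACryptoServiceProvider;
    if (privateKey == null)
    {
        throw new CryptographicException(
            "The decryption certificate does not expose an RSACryptoServiceProvider private key.");
    }

    var cipherNode = ResponseDocument.SelectSingleNode(
        "/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue", Nsmgr);
    if (cipherNode == null)
    {
        throw new CryptographicException(
            "The encrypted body has no EncryptedKey/CipherValue in the security header.");
    }

    // 'true' selects OAEP padding for the RSA key unwrap. The EncryptedKey's declared
    // EncryptionMethod is not consulted here.
    byte[] sessionKey = privateKey.Decrypt(Convert.FromBase64String(cipherNode.InnerText), true);
    try
    {
        // NOTE(review): on the Microsoft implementation EncryptedXml is understood to apply its
        // own Mode/Padding during DecryptData, so the values below may not be the ones in
        // effect. Confirm against the target runtime.
        using (var aes = new AesManaged
        {
            Mode = CipherMode.CBC,
            KeySize = 256,
            Padding = PaddingMode.None,
            Key = sessionKey
        })
        {
            // CBC provides confidentiality only. The decrypted content is trustworthy only if
            // the message signature is verified separately (not visible in this method).
            encryptedXml.ReplaceData(encryptedNode, encryptedXml.DecryptData(encryptedData, aes));
        }
    }
    finally
    {
        // Do not leave the unwrapped session key in managed memory longer than needed.
        Array.Clear(sessionKey, 0, sessionKey.Length);
    }
}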
/// <summary>
/// Decrypts an encrypted assertion inside <paramref name="document"/> in place.
/// Leaves the document untouched when no encrypted assertion is found.
/// </summary>
/// <param name="document">Document that may contain the encrypted assertion.</param>
/// <param name="encryptionCert">Certificate whose private key recovers the secret key.</param>
public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert)
{
    var encryptedAssertion = document.FindChild(EncryptedAssertion);
    if (encryptedAssertion == null)
    {
        // Not encrypted, so there is nothing to decrypt.
        return;
    }

    // NOTE(review): EncryptedData is looked up from the document while EncryptedKey is looked
    // up from the assertion. Confirm this asymmetry is intended.
    var dataElement = document.EncryptedChild("EncryptedData");
    var keyElement = encryptedAssertion.EncryptedChild("EncryptedKey");

    var payload = new EncryptedData();
    payload.LoadXml(dataElement);

    var wrappedKey = new EncryptedKey();
    wrappedKey.LoadXml(keyElement);

    var xmlCrypto = new EncryptedXml(document);

    // Recover the symmetric secret key with the certificate's private key.
    var secret = GetSecretKey(wrappedKey, encryptionCert.PrivateKey);

    // The symmetric algorithm is selected from the identifier carried in the message.
    // NOTE(review): presumably the helper restricts this to an allow-list; verify.
    // NOTE(review): the algorithm object holds key material and is not disposed here; whether
    // the helper returns a fresh instance is not visible from this method.
    var cipher = GetSymmetricBlockEncryptionAlgorithm(payload.EncryptionMethod.KeyAlgorithm);
    cipher.Key = secret;

    var plaintext = xmlCrypto.DecryptData(payload, cipher);

    // Put the decrypted XML back into the document in place of the encrypted assertion.
    xmlCrypto.ReplaceData(encryptedAssertion, plaintext);
}
/// <summary>
/// Test helper: loads <paramref name="filename"/>, unwraps the AES key from the
/// EncryptedKey in the SOAP security header with the sample certificate's RSA key,
/// then decrypts every EncryptedData element in the document in place.
/// </summary>
/// <param name="filename">Path of the encrypted SOAP document to load.</param>
void AssertDecryption1(string filename)
{
    var doc = new XmlDocument();
    doc.PreserveWhitespace = true;
    doc.Load(filename);
    var encxml = new EncryptedXml(doc);

    // Test fixture certificate; the password is the fixture's, not a production secret.
    var fixtureCert = new X509Certificate2("Test/System.Security.Cryptography.Xml/sample.pfx", "mono");
    var rsa = fixtureCert.PrivateKey as RSACryptoServiceProvider;

    var namespaces = new XmlNamespaceManager(doc.NameTable);
    namespaces.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
    namespaces.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    namespaces.AddNamespace("e", EncryptedXml.XmlEncNamespaceUrl);

    var keyElement = doc.SelectSingleNode("/s:Envelope/s:Header/o:Security/e:EncryptedKey", namespaces) as XmlElement;
    var wrappedKey = new EncryptedKey();
    wrappedKey.LoadXml(keyElement);

    // 'true' selects OAEP padding for the RSA unwrap.
    byte[] sessionKey = rsa.Decrypt(wrappedKey.CipherData.CipherValue, true);
    Rijndael aes = new RijndaelManaged { Key = sessionKey, Mode = CipherMode.CBC };

    // Snapshot the matches first: ReplaceData mutates the document while we work through it.
    var pending = new ArrayList();
    foreach (XmlElement hit in doc.SelectNodes("//e:EncryptedData", namespaces))
    {
        pending.Add(hit);
    }

    for (int i = 0; i < pending.Count; i++)
    {
        var target = (XmlElement)pending[i];
        var payload = new EncryptedData();
        payload.LoadXml(target);
        encxml.ReplaceData(target, encxml.DecryptData(payload, aes));
    }
}
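/// <summary>
/// Decrypts the first XML Encryption <c>EncryptedData</c> element of <paramref name="Doc"/>
/// in place, using the supplied symmetric key.
/// </summary>
/// <param name="Doc">Document containing the encrypted element; modified in place.</param>
/// <param name="Alg">Symmetric algorithm already loaded with the decryption key.</param>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="XmlException">The document contains no EncryptedData element.</exception>
public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
{
    // Check the arguments.
    if (Doc == null)
    {
        throw new ArgumentNullException("Doc");
    }
    if (Alg == null)
    {
        throw new ArgumentNullException("Alg");
    }

    // Look the element up by local name AND the XML Encryption namespace. A lookup by tag
    // name alone misses prefixed elements (e.g. xenc:EncryptedData) and can select an
    // unrelated element that merely shares the name.
    XmlElement encryptedElement =
        Doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0] as XmlElement;

    // If the EncryptedData element was not found, throw an exception.
    if (encryptedElement == null)
    {
        throw new XmlException("The EncryptedData element was not found.");
    }

    // Create an EncryptedData object and populate it.
    EncryptedData edElement = new EncryptedData();
    edElement.LoadXml(encryptedElement);

    // Decrypt the element using the symmetric key.
    EncryptedXml exml = new EncryptedXml();
    byte[] rgbOutput = exml.DecryptData(edElement, Alg);

    // Replace the EncryptedData element with the plaintext XML. Decryption alone does not
    // authenticate the content; integrity must be established separately by the caller.
    exml.ReplaceData(encryptedElement, rgbOutput);
}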
/// <summary>
/// Decrypts <paramref name="encryptedElement"/> in place with a symmetric algorithm
/// obtained from a <c>RijndaelWrapper</c> built from <paramref name="password"/>.
/// </summary>
/// <param name="encryptedElement">The EncryptedData element to replace with its plaintext.</param>
/// <param name="password">Password handed to <c>RijndaelWrapper</c>.</param>
public static void DecryptElement(XmlElement encryptedElement, string password)
{
    // NOTE(review): how RijndaelWrapper turns the password into a key is not visible here.
    // Confirm it uses a salted, iterated KDF rather than the raw password bytes.
    var keySource = new RijndaelWrapper(password);

    var payload = new EncryptedData();
    payload.LoadXml(encryptedElement);

    var xmlCrypto = new EncryptedXml();
    byte[] plaintext = xmlCrypto.DecryptData(payload, keySource.SymmetricAlgorithm);

    xmlCrypto.ReplaceData(encryptedElement, plaintext);
}
/// <summary>
/// Test: decrypts the root element of the EncryptedXmlSample2.xml fixture in place
/// with a fixed 256-bit AES key.
/// </summary>
public void Sample2()
{
    // Fixed test-vector key; assignment order (Mode, KeySize, Key, Padding) matches the fixture setup.
    var aes = new RijndaelManaged
    {
        Mode = CipherMode.CBC,
        KeySize = 256,
        Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="),
        Padding = PaddingMode.Zeros
    };

    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.Load("Test/System.Security.Cryptography.Xml/EncryptedXmlSample2.xml");

    var encxml = new EncryptedXml(doc);
    var payload = new EncryptedData();
    payload.LoadXml(doc.DocumentElement);

    byte[] plaintext = encxml.DecryptData(payload, aes);
    encxml.ReplaceData(doc.DocumentElement, plaintext);
}
/// <summary>
/// Replaces an encrypted XML element with its decrypted data so that the result can be
/// used for signature verification.
/// </summary>
/// <param name="encryptedDataElement">The encrypted element to replace.</param>
/// <param name="decrypted">Decrypted bytes that take the element's place.</param>
private void ReplaceEncryptedData(XmlElement encryptedDataElement, byte[] decrypted)
{
    XmlNode container = encryptedDataElement.ParentNode;
    bool replacingRoot = container.NodeType == XmlNodeType.Document;

    if (!replacingRoot)
    {
        // A node in the middle of the document: EncryptedXml handles this case in
        // conformance with the transform's requirements, so defer to it.
        // (EncryptedXml is used as an instance here, presumably a member of the enclosing class.)
        EncryptedXml.ReplaceData(encryptedDataElement, decrypted);
        return;
    }

    // Replacing the root element. To reflect the semantics of the decryption transform the
    // entire document must be replaced with the decrypted data. EncryptedXml.ReplaceData
    // would preserve other top-level nodes such as the XML declaration and top-level
    // comments, so the replacement is done by hand in this case.
    container.InnerXml = EncryptedXml.Encoding.GetString(decrypted);
}
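/// <summary>
/// Decrypts the first <c>EncryptedData</c> element of the file "needfiles" with a Rijndael
/// key taken from the first command-line argument and prints the resulting XML.
/// </summary>
/// <param name="args">args[0] is the key text; its UTF-16 bytes are used as the key.</param>
static void Main(string[] args)
{
    if (args == null || args.Length == 0)
    {
        // Previously this crashed with IndexOutOfRangeException.
        Console.Error.WriteLine("Usage: <program> <key>");
        return;
    }

    // NOTE(review): the argument's UTF-16 bytes are used directly as the key, with no key
    // derivation. A salted, iterated KDF would be stronger, but changing it here would break
    // decryption of existing files, so it is flagged rather than replaced.
    byte[] bytes = System.Text.Encoding.Unicode.GetBytes(args[0]);

    // 'using' clears the key material even when decryption throws; the previous explicit
    // Clear() ran only on the success path behind a null check that was always true.
    using (System.Security.Cryptography.RijndaelManaged rijndaelManaged =
        new System.Security.Cryptography.RijndaelManaged())
    {
        rijndaelManaged.Key = bytes;

        XmlDocument xmlDocument = new XmlDocument();
        xmlDocument.PreserveWhitespace = true;
        xmlDocument.Load("needfiles");

        XmlElement xmlElement = xmlDocument.GetElementsByTagName("EncryptedData")[0] as XmlElement;
        if (xmlElement == null)
        {
            throw new XmlException("The EncryptedData element was not found.");
        }

        EncryptedData encryptedData = new EncryptedData();
        encryptedData.LoadXml(xmlElement);

        EncryptedXml encryptedXml = new EncryptedXml();
        byte[] decryptedData = encryptedXml.DecryptData(encryptedData, rijndaelManaged);
        encryptedXml.ReplaceData(xmlElement, decryptedData);

        // Writes the decrypted document to standard output.
        Console.WriteLine(xmlDocument.OuterXml);
    }
}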
/// <summary>
/// Test: encrypts the root element of a small document with a fixed AES-256 key, saves it
/// to a string, then reloads that string and decrypts the root element in place.
/// </summary>
public void RoundtripSample1()
{
    var serialized = new StringWriter();

    // Encryption
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<root> <child>sample</child> </root>");
        XmlElement body = doc.DocumentElement;

        // Fixed test-vector IV and key; the assignment order is kept as in the fixture setup.
        var aes = new RijndaelManaged
        {
            Mode = CipherMode.CBC,
            KeySize = 256,
            IV = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw=="),
            Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="),
            Padding = PaddingMode.Zeros
        };

        var exml = new EncryptedXml();
        byte[] encrypted = exml.EncryptData(body, aes, false);

        var edata = new EncryptedData
        {
            Type = EncryptedXml.XmlEncElementUrl,
            EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
        };

        var ekey = new EncryptedKey();
        // Key encryption is omitted, here for testing: the raw AES key is stored as the
        // "encrypted" key bytes.
        byte[] encKeyBytes = aes.Key;
        ekey.CipherData = new CipherData(encKeyBytes);
        ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

        ekey.AddReference(new DataReference { Uri = "_0" });

        // The clause is added first and then edata.KeyInfo is replaced with an empty KeyInfo,
        // exactly as in the original sequence.
        edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
        edata.KeyInfo = new KeyInfo();
        ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create()));
        edata.CipherData.CipherValue = encrypted;

        EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false);
        doc.Save(new XmlTextWriter(serialized));
    }

    // Decryption
    {
        var aes = new RijndaelManaged
        {
            Mode = CipherMode.CBC,
            KeySize = 256,
            Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="),
            Padding = PaddingMode.Zeros
        };

        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(serialized.ToString());

        var encxml = new EncryptedXml(doc);
        var payload = new EncryptedData();
        payload.LoadXml(doc.DocumentElement);

        byte[] plaintext = encxml.DecryptData(payload, aes);
        encxml.ReplaceData(doc.DocumentElement, plaintext);
    }
}
/// <summary>
/// Test: calls <c>ReplaceData</c> with a null byte array. The element argument is the
/// DocumentElement of a document that was never loaded.
/// </summary>
/// <remarks>
/// Presumably expected to throw; the expected-exception attribute is not visible here.
/// </remarks>
public void ReplaceData_EncryptedDataNull()
{
    var subject = new EncryptedXml();
    XmlElement rootOfEmptyDocument = new XmlDocument().DocumentElement;
    subject.ReplaceData(rootOfEmptyDocument, null);
}
/// <summary>
/// Test: calls <c>ReplaceData</c> with a null element and an empty byte array.
/// </summary>
/// <remarks>
/// Presumably expected to throw; the expected-exception attribute is not visible here.
/// </remarks>
public void ReplaceData_XmlElementNull()
{
    byte[] noData = new byte[0];
    new EncryptedXml().ReplaceData(null, noData);
}
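/// <summary>
/// Decrypt button handler: decrypts the first <c>EncryptedData</c> element of the file whose
/// path is shown in <c>label1</c> and saves the result back to the same path.
/// Calls <c>succes()</c> on success and <c>fail()</c> on any error.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
private void btnJieMi_Click(object sender, EventArgs e)
{
    try
    {
        // 'using' releases the key material even when decryption fails part-way.
        using (RijndaelManaged key = new RijndaelManaged())
        {
            key.IV = keyIv;
            key.Key = keyKey;

            XmlDocument Doc = new XmlDocument();
            Doc.PreserveWhitespace = true;
            Doc.Load(this.label1.Text);

            XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
            if (encryptedElement == null)
            {
                throw new XmlException("T错误!");
            }

            EncryptedData edElement = new EncryptedData();
            edElement.LoadXml(encryptedElement);

            EncryptedXml exml = new EncryptedXml(); // performs the decryption
            byte[] rgbOutput = exml.DecryptData(edElement, key); // decrypt with the key
            exml.ReplaceData(encryptedElement, rgbOutput); // replace the ciphertext part

            // Overwrites the encrypted file with the decrypted document.
            Doc.Save(this.label1.Text);
        }

        succes();
    }
    catch (Exception)
    {
        // Every failure is reported the same way through fail(); the cause is not surfaced.
        fail();
    }
}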
/// <summary>
/// Decrypts the first element named <c>EncryptedData</c> in <paramref name="doc"/> in place
/// with the supplied symmetric algorithm.
/// </summary>
/// <param name="doc">Document containing the encrypted element; modified in place.</param>
/// <param name="alg">Symmetric algorithm carrying the decryption key.</param>
private static void Decrypt(XmlDocument doc, SymmetricAlgorithm alg)
{
    // Lookup is by tag name only; no null check is made when nothing matches.
    XmlNodeList candidates = doc.GetElementsByTagName("EncryptedData");
    XmlElement target = candidates[0] as XmlElement;

    var payload = new EncryptedData();
    payload.LoadXml(target);

    var xmlCrypto = new EncryptedXml();
    byte[] plaintext = xmlCrypto.DecryptData(payload, alg);
    xmlCrypto.ReplaceData(target, plaintext);
}